| author | Michael Gundlach <michael.gundlach@rackspace.com> | 2010-10-14 02:18:33 +0000 |
|---|---|---|
| committer | Tarmac <> | 2010-10-14 02:18:33 +0000 |
| commit | 134b846d23be923f7453e945e92f32dffbc54f50 (patch) | |
| tree | 9fc035930f9a2589294522b0bd15b200dcc10b4b /nova/api | |
| parent | a4aa6725be683e7e1f35df1e54069b755d19551b (diff) | |
| parent | 03962c39bf4ecbe424d3960f7fbbd19c37911757 (diff) | |
Fixes bug 660115.
Part of the cause of the confusion that led to this problem is, I think, that we have 3 different 'user' objects that can be passed to different methods: a simple dict, an auth.User object, and a db.sqlalchemy.models.User object (which maps __getitem__ to getattr for good measure). When we sweep through and add clear docstrings to every method, explaining their inputs and outputs, I think errors like these will be less likely.
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/auth.py | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 4c909293e..7aba55728 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -24,9 +24,9 @@ class BasicApiAuthManager(object):
 def __init__(self, host=None, db_driver=None):
 if not host:
 host = FLAGS.host
- self.host = host
+ self.host = host
 if not db_driver:
- db_driver = FLAGS.db_driver
+ db_driver = FLAGS.db_driver
 self.db = utils.import_object(db_driver)
 self.auth = auth.manager.AuthManager()
 self.context = Context()
@@ -40,20 +40,19 @@ class BasicApiAuthManager(object):
 return faults.Fault(webob.exc.HTTPUnauthorized())
 try:
- username, key = req.headers['X-Auth-User'], \
- req.headers['X-Auth-Key']
+ username = req.headers['X-Auth-User']
+ key = req.headers['X-Auth-Key']
 except KeyError:
 return faults.Fault(webob.exc.HTTPUnauthorized())
- username, key = req.headers['X-Auth-User'], req.headers['X-Auth-Key']
 token, user = self._authorize_user(username, key)
 if user and token:
 res = webob.Response()
- res.headers['X-Auth-Token'] = token['token_hash']
+ res.headers['X-Auth-Token'] = token.token_hash
 res.headers['X-Server-Management-Url'] = \
- token['server_management_url']
- res.headers['X-Storage-Url'] = token['storage_url']
- res.headers['X-CDN-Management-Url'] = token['cdn_management_url']
+ token.server_management_url
+ res.headers['X-Storage-Url'] = token.storage_url
+ res.headers['X-CDN-Management-Url'] = token.cdn_management_url
 res.content_type = 'text/plain'
 res.status = '204'
 return res
@@ -65,34 +64,35 @@ class BasicApiAuthManager(object): If the token has expired, returns None If the token is not found, returns None - Otherwise returns the token + Otherwise returns dict(id=(the authorized user's id)) This method will also remove the token if the timestamp is older than 2 days ago. """ token = self.db.auth_get_token(self.context, token_hash) if token: - delta = datetime.datetime.now() - token['created_at'] + delta = datetime.datetime.now() - token.created_at if delta.days >= 2: self.db.auth_destroy_token(self.context, token) else: - user = self.auth.get_user(token['user_id']) - return { 'id':user['uid'] } + #TODO(gundlach): Why not just return dict(id=token.user_id)? + user = self.auth.get_user(token.user_id) + return {'id': user.id} return None def _authorize_user(self, username, key): """ Generates a new token and assigns it to a user """ user = self.auth.get_user_from_access_key(key) - if user and user['name'] == username: + if user and user.name == username: token_hash = hashlib.sha1('%s%s%f' % (username, key, time.time())).hexdigest() - token = {} - token['token_hash'] = token_hash - token['cdn_management_url'] = '' - token['server_management_url'] = self._get_server_mgmt_url() - token['storage_url'] = '' - token['user_id'] = user['uid'] - self.db.auth_create_token(self.context, token) + token_dict = {} + token_dict['token_hash'] = token_hash + token_dict['cdn_management_url'] = '' + token_dict['server_management_url'] = self._get_server_mgmt_url() + token_dict['storage_url'] = '' + token_dict['user_id'] = user.id + token = self.db.auth_create_token(self.context, token_dict) return token, user return None, None |
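Review bot: The token in `_authorize_user` is still computed as `hashlib.sha1('%s%s%f' % (username, key, time.time())).hexdigest()`, an unchanged context line in this hunk, so the bearer token is a function of the user's long-lived access key and a timestamp rather than a random value. Anyone who obtains a token (for example from a log) holds a value that candidate keys can be checked against offline, and the token's unpredictability rests entirely on the key. Since the commit already reworks how the token record is built, I would draw the value from the OS random source instead, e.g. `token_hash = hashlib.sha1(os.urandom(32)).hexdigest()`, which keeps the 40-character hex format. This needs `import os` if the module does not already have it; the import block is outside the hunk.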
